]> git.itanic.dy.fi Git - linux-stable/commit
projects / linux-stable / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6291b3a) | patch
netfilter: nf_nat: mask out non-verdict bits when checking return value
authorFlorian Westphal <fw@strlen.de>
Wed, 11 Oct 2023 07:59:37 +0000 (09:59 +0200)
committerFlorian Westphal <fw@strlen.de>
Wed, 18 Oct 2023 08:26:43 +0000 (10:26 +0200)
commit35c038b0a4be197679deefaf96998241cb7efc88
tree74b83200f08035ab4dbf5ea1756de7fb7ad05c79tree | snapshot
parent6291b3a67ad55102f163f6a636bc540e460f892dcommit | diff
netfilter: nf_nat: mask out non-verdict bits when checking return value

Same as previous change: we need to mask out the non-verdict bits, as
upcoming patches may embed an errno value in NF_STOLEN verdicts too.

NF_DROP could already do this, but not all called functions do this.

Checks that only test ret vs NF_ACCEPT are fine, the 'errno parts'
are always 0 for those.

Signed-off-by: Florian Westphal <fw@strlen.de>
net/netfilter/nf_nat_proto.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.